{"schema_version": "1.6.1", "id": "CVE-2021-45232", "summary": "security vulnerability on unauthorized access.", "details": "In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication.  ", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "2.7 and 2.7.1"}, {"last_affected": "2.7 and 2.7.1"}]}, {"type": "SEMVER", "events": [{"introduced": "2.8"}, {"last_affected": "2.8"}]}, {"type": "SEMVER", "events": [{"introduced": "2.9"}, {"last_affected": "2.9"}]}, {"type": "SEMVER", "events": [{"introduced": "2.10"}, {"last_affected": "2.10"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/979qbl6vlm8269fopfyygnxofgqyn6k5"}]}